A winning combination of enterprise-grade security to protect your customers and proven reliability to keep your recurring billing running smoothly.
Chargify is annually audited to maintain the highest level of PCI compliance for a service handling sensitive payment data. With billing information flowing through Chargify, you can comply with industry-standard security practices without the time and resources required to maintain such standings. Our number one goal is to protect you and your customers.
Download Chargify’s compliance validation
Service Organization Controls (SOC) exist to validate a company’s controls and ensure industry standards are followed. Our SOC 1 report was prepared in accordance with the Statement on Standards for Attestation Engagements No. 16 (a.k.a SSAE 16) and documents operational policies and procedures for Chargify’s system of internal controls.
As a security best practice, we require secure passwords for all Chargify users. As an additional layer of protection, we provide the ability to enable two-factor authentication. When enabled, internal team members must enter an authentication token from their mobile device prior to gaining access to the Chargify interface.
Your teams play important roles in running your subscription business, but not every team member needs full access to Chargify’s interface. Customer support needs to access and manage subscription information, finance needs to view and export financial metrics, etc. Our access controls allow you define what users can see and do within your Chargify account.
Our software runs in three datacenters across the US. On a daily basis, we export the database and store it in an offsite facility for extra redundancy.
Extensive performance and availability monitoring allows us to keep a close eye on system health and mitigate unforeseen issues early on.
Uptime is as mission critical to us as it is to your business. Our trailing three-year uptime record is 99.99%, and we’re fanatical about maintaining that record.View our uptime report.
We regularly submit ourselves to hacking by the best "good-guy" hackers in the business. This practice ensures we remain the most reliable, secure system in the industry.
We provide a PGP key to encrypt sensitive communication that you send to us.
-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBF3xJ1EBEACjrg+DxoQ1Hd0Q9W3b+nslY4rqfQNJHk/f+v3pDXorqzrivDQA hYs43x/tLVywnURNEfIzD/dvZ3KLgESUhsZdy1NsJB3NKfwzeOqWsBFqW6X3za9i 3jj/xhVGbOciJSR4PWuRRwlGh6IFKEEm92jVQa9MZbH5bfY8VO2WushG7gzpL10i TTMT9V/Fnsgza4epC20tpBygErFs8Zu31Z/UonDaENDXgKzSqoP+bbDkCGsp+q2q kE7K6MmnHb/9p82upkAGw9uGcPRXLMQUJRGI6P04EVEcNpx60QlEu6tDUyG0AyRS z49FnTdUCKKuZUewxTvmYhfwJxs2VazwzNnHHmVizp1gdkW1wT6sQ7yqT8w0YSU3 scWLZ0zzGx3/MP9Fm19B4+DJLT7Y+GNZYklmEP0o+Vu4LvvUAeB7rZhG6BWlt/c1 pig+QfSjN3yCii/vzpvlPhDbpgm2zKmqfSoKbhRsItrjugHKL6Rx6Uttb3wtCsQM LiqX/mD+7lS7p+2xEjikOhyc/QBxRyEe+Wg3oZfUK6dPcfelKQfRffk1ojOucti8 jSXmGBlAIpXnAQzj8haC6qBJq3j8+LnWycLf6q64RyxoR7924lB/5B6qSXxLuQ5I luNA5VfYXX20RqvpdR5AnujJIQWIoFpTw6uxVhaMuv+1tIXn4Kb+OPS5IwARAQAB tClDaGFyZ2lmeSBTZWN1cml0eSA8c2VjdXJpdHlAY2hhcmdpZnkuY29tPokCVAQT AQgAPhYhBHwyZ+cHV3g+8O9n/u2NkgvV0jYfBQJd8SdRAhsDBQkB4TOABQsJCAcC BhUKCQgLAgQWAgMBAh4BAheAAAoJEO2NkgvV0jYfMfQP/19rhCte6bDE2moXwfsd 7H3m1P1inyP3mE0w0ULmlh+XOzCSvOnEkkazAUjkPFD/ZQQxkonUQw3HaNnaqcxc 2B/Z4so4lBFgUGDBJKWHYTLxgMUHUuy2D5FGTE9x2BJYsGOSYcyDT67gA+jQjdtN RAlMwNDdLWGVY9kjhfoz+v8ojSkmRNwGo7fdAcer3iMzpU9WFipsjhaf/VJcAeZD pkryGoCXzgHxCWYCWc6PDhVDUkZ/zq0L4cku+VYKxY/pT8dgVEfqE2xc0/1l9fsU y95ofgTOp5ftWncp3oL5XUI8MTumVMEWDVmluuKWczVO4dDEcy3nDW7u2JJdoNk/ rznF1sNo41VZfjt3idtEnn5fn9e4zhoy2TaJ/E4bkE3U6ueqFuX2tb6S3MWKAMjS qgkZqiCf5XADNnUldFERBvVduR0yW1FOaDhe9j/sHCkluFK8tMmmFWHdqEwnfdpn DhJEq9K97Gv2fFXToPvrL+qdWkRxZCLvBnFflvYdxMU5KPpDNJvbdKSD+je80Jm3 /+rg42XJpoE8DiiggiHbyxsmU5zVAh8xd6yx6siElkDf3YrYaP39USIwk5jNlji+ 1KMGi3+b+viSk8e1s3hST4DAG9C2nMKUPK02lSkKmsfGMl1ttnrtn7G/8T/tpEOC JuxBYLusNPbO22APWzizSHG8uQINBF3xJ1EBEACdtFvOazTuumTalxVZBHnOfSfE jhuTJeK2AOF3yIjQu73jXzoXoPuGzQjU7fn+XES00SSkfjp5hwWoIR1/5b7GgtqM XQcCMAeThrPVwF+XzSPkm1bWkhGHxhDaACbkstv/lwALJWp4BGsXWOLfqY9mkmgd 411DMK1gn24Xtmve+lMeGLNWMKXN1P45AuuAig6ypRfCJjrNYNOERLZA107wIJ83 7JDvNzdLuXGw2lhyS2xsW6+hcQ6ueFSXjMICj1GsjhjTUUCWBqPD+sT0SYCqkOyY SaZIjFf7jAqaBJKL0gURkhtzzlQxczH0FlZeeYhuIey/rlx1JVyetyJvGy/+HhLz 6mP8iFfFUgXa7UHJao6NSslk+SoG76XYDSx0AQ3f0SFeuM8z48zR+6LCCpOZA1Bn /f7HnzOYLHcOFyWv4fvARLO3TZZjLZTzR/hBBrdp2SE6LZAG40oIx4rwFawYQ2RK NFkHCmZsHL/5/4sUDecWNStmsiFN5LBNOEK2lD0H1olhuWiDzFoT/CLEbNTrf5h3 1kFAOqIdwA6u0dHcSu848d9jiUY7EWKao83Nve/GJF7YelUJ5SDbJTmb3vMR7al6 fS4akpKTL3feUwyEj3BEvm0QveOcvChqNwvqOMHwKn0gzcjGP78+6kyVoqmhsDJF MzxSZyuXhy3GR8dMjwARAQABiQI8BBgBCAAmFiEEfDJn5wdXeD7w72f+7Y2SC9XS Nh8FAl3xJ1ECGwwFCQHhM4AACgkQ7Y2SC9XSNh85Zg/+OcW6UF+GfpOFi7burQDx ucJXLVV8015/NSNwUCpyRvn5F3n24KzvXvizqWbxWGE3JwikCneRhu2wfEjnMOAS AVcQqOuAjuVzh9spoOjA9MAd1jH3Qh/40vUhbdiMheQulKFff4xPNfWI8ZZrFt6C W0N0GKywvC/XaWaXZ7gakjePYSka4JF5AGJLDQi1HzyUkZDAR5HOcHYiB7/Pqg2g MEdbXCXBevnGuDsrZE658vkEMHeU6p0mt4S7VC27hl2z1IMKrchKdCU5JcJd+nJF B3qSG0yEJjKUjqQS2JvVKfHTd+O79/siGfQt6evbWugSO2bHnb6DZUmdXGtkbwWa 5Borv6w+Icvsw9TiZkgnUFgDUwldqsiI6LuzpwftThxKaT7AfZuOC3+FgwlKO+mg lpuRQaj5mJdcg9LPJ79qMa0JzeODyPiMZp1QK6XPOBmbKHTkv/ilPGLKb9aZaa9w mn7q97B90dlJ/xaO+M5tn+bKMPu/j582UAVF54fspgbMbCVkJzaqFMAaJaW6zBax PhUh4EqmVoHDiOtdJ4bOzMPRFr1gftVJWraJP8q7Qm5DmMrA+NhmnPXdkBQVPkgW oc2M3TayLla7bdEIxcJR2dESRZ5yxdKX/l/gjKcTrE/BcG8yh8rwIxk+JMSRuS/L jnu2Iz/XrIIuya4r33rZMbg= =vl4N -----END PGP PUBLIC KEY BLOCK-----
We take our security very seriously and welcome any responsible disclosure of potential gaps in our systems.
If you believe you have discovered a potential flaw in any area of Chargify's security measures, we ask that you please share the information with us first and retain secrecy of your findings until we have remediated the issue.
If you have identified a vulnerability, report it via email to security@chargify.com
View RulesWe ask that you follow these rules for any responsible use of our system:
We ask that you please do not submit low value issues when there are only loose connections to known best practices, unless you can demonstrate a chained attack with higher impact. Google maintains an exhaustive list with explanations. This also includes things like:
